search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Microsoft SQL Server vulnerable to buffer overflow

Vulnerability Note VU#584868

Original Release Date: 2003-07-24 | Last Revised: 2003-07-24

Overview

Microsoft SQL Server contains a buffer overflow vulnerability. A local attacker could leverage this vulnerability to gain elevated privileges and/or execute arbitrary code.

Description

Quoting from Microsoft Security Bulletin MS03-031:

A flaw exists in a specific Windows function that may allow an authenticated user with direct access to log on to the system running SQL Server the ability create a specially crafted packet that, when sent to the listening local procedure call (LPC) port of the system, could cause a buffer overrun. If successfully exploited, this could allow a user with limited permissions on the system to elevate their permissions to the level of the SQL Server service account, or cause arbitrary code to run.

Impact

This vulnerability may allow a remote attacker to gain privileges equivalent to the SQL Server Service account, or execute arbitrary code with the privileges of the SQL Server Service. Quoting from Microsoft Security Bulletin MS03-031:

Code running with service account permissions could provide an attacker with the ability to take full control over the database and the data contained within it.

Solution

Apply a patch as described in Microsoft Security Bulletin MS03-031.

Vendor Information

584868
 
Affected   Unknown   Unaffected

Microsoft Corporation

Updated:  July 24, 2003

Status

  Vulnerable

Vendor Statement

http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS03-031.asp

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A

References

Acknowledgements

This vulnerability was discovered by Andreas Junstream of @Stake. The CERT/CC thanks Microsoft for providing Microsoft Security Bulletin MS03-031, upon which the majority of this document is based.

This document was written by Ian A Finlay.

Other Information

CVE IDs: CVE-2003-0232
Severity Metric: 36.00
Date Public: 2003-07-23
Date First Published: 2003-07-24
Date Last Updated: 2003-07-24 18:04 UTC
Document Revision: 11

Sponsored by CISA.